New FIDO Alliance Design Guidelines: Key takeaways for passkeys and a phishing-resistant user future

The FIDO Alliance is an open industry association launched in 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. Yubico has pioneered the development of FIDO authentication standards that the FIDO Alliance has adopted, working to make the internet safer for all. First published in 2022, the FIDO Alliance Design Guidelines offer data-backed recommendations for designers, engineers, product managers, content strategists, and UX researchers to guide the implementation and expansion of passkey support.

In late May, the alliance released significant updates which include research on passkey management and integrating different passkey types, like synced and device-bound passkeys. Research shows that prominently displaying passkey options within user account settings, alongside other authentication methods, and maintaining consistent styling across platforms with clear messaging effectively motivates users to create and use various passkey types. This approach maximizes adoption as users are more receptive to security actions.

The guidelines emphasize offering a choice between synced and device-bound passkeys (e.g., FIDO security keys like YubiKeys) for flexibility and enhanced security. A unified passkey management UI under “Passkeys” simplifies user interaction.

The guidelines also align with the long-term direction of passkeys. Highlights from additional FIDO research in 2024 show consumer passkey awareness and adoption are on the rise. A majority believe passkeys are more secure (61%) and more convenient than passwords (58%).

Phishing-resistant users: The future of passwordless security

Cybersecurity is designed by people, for people, and can be exploited by people. This is where the concept of a phishing-resistant user comes into focus – it is central in modern cybersecurity, focusing on the human element. With recent advancements in passwordless – and new on-device authentication solutions – the way an organization can establish and manage a user’s identity credential throughout its lifecycle has evolved to address these increasing challenges. In order to truly prevent phishing attacks, organizations must do more than just invest in phishing-resistant authentication – they must instead focus on enabling phishing-resistant users through modern authentication technology.

With awareness of passkeys as a phishing-resistant authentication method on the rise, the focus naturally shifts to the people actually using the technology. As modern and affordable devices proliferate, individuals use personal devices for work emails and work devices for personal tasks. For example, people often possess multiple devices (smartphones, laptops, tablets) across different platforms (Apple, Google, Microsoft) between personal and professional use.

Combining all passkey types in the same interface makes it quick and intuitive to register on a primary device. With research showing that changing behavior requires understanding and motivation, educating users about passkeys within settings can shape attitudes and encourage registration. People need to comprehend and apply advice and must be willing to change their attitudes and intentions. Introducing passkeys in relevant settings helps users adopt them, providing context and increasing engagement.

The YubiKey offers high assurance, high security and convenience: as a single-device passkey (device-bound), you simply plug in your YubiKey and enter a PIN and touch to authenticate — even if you registered on a different device or platform. Your cyber resilience starts with the YubiKey for robust and accessible cybersecurity that delivers phishing-resistant users.

For more information on the new FIDO Alliance Design Guidelines, visit their website here. Ensure the highest security and convenience for your digital accounts with YubiKey and become a phishing-resistant user today – it’s never been easier, with the ability to store up to 100 passkey credentials with the latest YubiKey updates. Visit our store for more information and to purchase keys for your organization.

Talk to our teamTalk to our team

Share this article:


  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane